芝麻web文件管理V1.00

编辑当前文件:/home/qrafawbu/lugarcollectibles.com/admin/controller/tool/upload.php
<?php class ControllerToolUpload extends Controller { private $error = array(); public function index() { $this->load->language('tool/upload'); $this->document->setTitle($this->language->get('heading_title')); $this->load->model('tool/upload'); $this->getList(); } public function delete() { $this->load->language('tool/upload'); $this->document->setTitle($this->language->get('heading_title')); $this->load->model('tool/upload'); if (isset($this->request->post['selected']) && $this->validateDelete()) { foreach ($this->request->post['selected'] as $upload_id) { // Remove file before deleting DB record. $upload_info = $this->model_tool_upload->getUpload($upload_id); if ($upload_info && is_file(DIR_UPLOAD . $upload_info['filename'])) { unlink(DIR_UPLOAD . $upload_info['filename']); } $this->model_tool_upload->deleteUpload($upload_id); } $this->session->data['success'] = $this->language->get('text_success'); $url = ''; if (isset($this->request->get['filter_name'])) { $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); } if (isset($this->request->get['filter_date_added'])) { $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; } if (isset($this->request->get['sort'])) { $url .= '&sort=' . $this->request->get['sort']; } if (isset($this->request->get['order'])) { $url .= '&order=' . $this->request->get['order']; } if (isset($this->request->get['page'])) { $url .= '&page=' . $this->request->get['page']; } $this->response->redirect($this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true)); } $this->getList(); } protected function getList() { if (isset($this->request->get['filter_name'])) { $filter_name = $this->request->get['filter_name']; } else { $filter_name = ''; } if (isset($this->request->get['filter_date_added'])) { $filter_date_added = $this->request->get['filter_date_added']; } else { $filter_date_added = ''; } if (isset($this->request->get['sort'])) { $sort = $this->request->get['sort']; } else { $sort = 'date_added'; } if (isset($this->request->get['order'])) { $order = $this->request->get['order']; } else { $order = 'DESC'; } if (isset($this->request->get['page'])) { $page = $this->request->get['page']; } else { $page = 1; } $url = ''; if (isset($this->request->get['filter_name'])) { $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); } if (isset($this->request->get['filter_date_added'])) { $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; } if (isset($this->request->get['sort'])) { $url .= '&sort=' . $this->request->get['sort']; } if (isset($this->request->get['order'])) { $url .= '&order=' . $this->request->get['order']; } if (isset($this->request->get['page'])) { $url .= '&page=' . $this->request->get['page']; } $data['breadcrumbs'] = array(); $data['breadcrumbs'][] = array( 'text' => $this->language->get('text_home'), 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) ); $data['breadcrumbs'][] = array( 'text' => $this->language->get('heading_title'), 'href' => $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url, true) ); $data['delete'] = $this->url->link('tool/upload/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); $data['uploads'] = array(); $filter_data = array( 'filter_name' => $filter_name, 'filter_date_added' => $filter_date_added, 'sort' => $sort, 'order' => $order, 'start' => ($page - 1) * $this->config->get('config_limit_admin'), 'limit' => $this->config->get('config_limit_admin') ); $upload_total = $this->model_tool_upload->getTotalUploads($filter_data); $results = $this->model_tool_upload->getUploads($filter_data); foreach ($results as $result) { $data['uploads'][] = array( 'upload_id' => $result['upload_id'], 'name' => $result['name'], 'filename' => $result['filename'], 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])), 'download' => $this->url->link('tool/upload/download', 'user_token=' . $this->session->data['user_token'] . '&code=' . $result['code'] . $url, true) ); } $data['user_token'] = $this->session->data['user_token']; if (isset($this->error['warning'])) { $data['error_warning'] = $this->error['warning']; } else { $data['error_warning'] = ''; } if (isset($this->session->data['success'])) { $data['success'] = $this->session->data['success']; unset($this->session->data['success']); } else { $data['success'] = ''; } if (isset($this->request->post['selected'])) { $data['selected'] = (array)$this->request->post['selected']; } else { $data['selected'] = array(); } $url = ''; if (isset($this->request->get['filter_name'])) { $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); } if (isset($this->request->get['filter_date_added'])) { $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; } if ($order == 'ASC') { $url .= '&order=DESC'; } else { $url .= '&order=ASC'; } if (isset($this->request->get['page'])) { $url .= '&page=' . $this->request->get['page']; } $data['sort_name'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true); $data['sort_filename'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=filename' . $url, true); $data['sort_date_added'] = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true); $url = ''; if (isset($this->request->get['filter_name'])) { $url .= '&filter_name=' . urlencode(html_entity_decode($this->request->get['filter_name'], ENT_QUOTES, 'UTF-8')); } if (isset($this->request->get['filter_date_added'])) { $url .= '&filter_date_added=' . $this->request->get['filter_date_added']; } if (isset($this->request->get['sort'])) { $url .= '&sort=' . $this->request->get['sort']; } if (isset($this->request->get['order'])) { $url .= '&order=' . $this->request->get['order']; } $pagination = new Pagination(); $pagination->total = $upload_total; $pagination->page = $page; $pagination->limit = $this->config->get('config_limit_admin'); $pagination->url = $this->url->link('tool/upload', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); $data['pagination'] = $pagination->render(); $data['results'] = sprintf($this->language->get('text_pagination'), ($upload_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($upload_total - $this->config->get('config_limit_admin'))) ? $upload_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $upload_total, ceil($upload_total / $this->config->get('config_limit_admin'))); $data['filter_name'] = $filter_name; $data['filter_date_added'] = $filter_date_added; $data['sort'] = $sort; $data['order'] = $order; $data['header'] = $this->load->controller('common/header'); $data['column_left'] = $this->load->controller('common/column_left'); $data['footer'] = $this->load->controller('common/footer'); $this->response->setOutput($this->load->view('tool/upload', $data)); } protected function validateDelete() { if (!$this->user->hasPermission('modify', 'tool/upload')) { $this->error['warning'] = $this->language->get('error_permission'); } return !$this->error; } public function download() { $this->load->model('tool/upload'); if (isset($this->request->get['code'])) { $code = $this->request->get['code']; } else { $code = 0; } $upload_info = $this->model_tool_upload->getUploadByCode($code); if ($upload_info) { $file = DIR_UPLOAD . $upload_info['filename']; $mask = basename($upload_info['name']); if (!headers_sent()) { if (is_file($file)) { header('Content-Type: application/octet-stream'); header('Content-Description: File Transfer'); header('Content-Disposition: attachment; filename="' . ($mask ? $mask : basename($file)) . '"'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); readfile($file, 'rb'); exit; } else { exit('Error: Could not find file ' . $file . '!'); } } else { exit('Error: Headers already sent out!'); } } else { $this->load->language('error/not_found'); $this->document->setTitle($this->language->get('heading_title')); $data['breadcrumbs'] = array(); $data['breadcrumbs'][] = array( 'text' => $this->language->get('text_home'), 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) ); $data['breadcrumbs'][] = array( 'text' => $this->language->get('heading_title'), 'href' => $this->url->link('error/not_found', 'user_token=' . $this->session->data['user_token'], true) ); $data['header'] = $this->load->controller('common/header'); $data['column_left'] = $this->load->controller('common/column_left'); $data['footer'] = $this->load->controller('common/footer'); $this->response->setOutput($this->load->view('error/not_found', $data)); } } public function upload() { $this->load->language('sale/order'); $json = array(); // Check user has permission if (!$this->user->hasPermission('modify', 'tool/upload')) { $json['error'] = $this->language->get('error_permission'); } if (!$json) { if (!empty($this->request->files['file']['name']) && is_file($this->request->files['file']['tmp_name'])) { // Sanitize the filename $filename = html_entity_decode($this->request->files['file']['name'], ENT_QUOTES, 'UTF-8'); if ((utf8_strlen($filename) < 3) || (utf8_strlen($filename) > 128)) { $json['error'] = $this->language->get('error_filename'); } // Allowed file extension types $allowed = array(); $extension_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_ext_allowed')); $filetypes = explode("\n", $extension_allowed); foreach ($filetypes as $filetype) { $allowed[] = trim($filetype); } if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed)) { $json['error'] = $this->language->get('error_filetype'); } // Allowed file mime types $allowed = array(); $mime_allowed = preg_replace('~\r?\n~', "\n", $this->config->get('config_file_mime_allowed')); $filetypes = explode("\n", $mime_allowed); foreach ($filetypes as $filetype) { $allowed[] = trim($filetype); } if (!in_array($this->request->files['file']['type'], $allowed)) { $json['error'] = $this->language->get('error_filetype'); } // Check to see if any PHP files are trying to be uploaded $content = file_get_contents($this->request->files['file']['tmp_name']); if (preg_match('/\<\?php/i', $content)) { $json['error'] = $this->language->get('error_filetype'); } // Return any upload error if ($this->request->files['file']['error'] != UPLOAD_ERR_OK) { $json['error'] = $this->language->get('error_upload_' . $this->request->files['file']['error']); } } else { $json['error'] = $this->language->get('error_upload'); } } if (!$json) { $file = $filename . '.' . token(32); move_uploaded_file($this->request->files['file']['tmp_name'], DIR_UPLOAD . $file); // Hide the uploaded file name so people can not link to it directly. $this->load->model('tool/upload'); $json['code'] = $this->model_tool_upload->addUpload($filename, $file); $json['success'] = $this->language->get('text_upload'); } $this->response->addHeader('Content-Type: application/json'); $this->response->setOutput(json_encode($json)); } }